Week 2 Blog: Developing the Foundation

Welcome back to my journey in developing an AI-powered adaptive encryption system! This week was all about system design—mapping out how everything will work, what components need to be built, and how AI will interact with encryption methods to counter cyber threats. It was a deep dive into architecture planning, defining AI models, and setting the stage for development.

Last week, I researched existing encryption techniques, AI’s role in cybersecurity, and how machine learning models can classify cyber threats. With that knowledge in hand, I had to design a framework that logically connects threat detection and encryption recommendation, essentially giving AI the ability to analyze attacks and predict the best encryption strategies in real-time.

Breaking Down the System Design

To make this system functional, I divided it into three core components:

1. Threat Analysis Module – Uses machine learning to detect and classify cyber threats.
2. Encryption Recommendation Engine – Matches threats with the most effective encryption techniques.
3. Integration & Real-Time Adaptation Layer – Connects both systems for easy decision-making.

Each of these required careful planning, model selection, and evaluation criteria to ensure everything works together efficiently. Here’s how I approached it:

1. The Threat Analysis Module – How AI Detects Cyberattacks

This component acts as the “brain” of the system, classifying incoming cyber threats based on pre-trained machine learning models. To build this, I had to answer:

• What attack types should the system recognize?
• What machine learning models are best suited for this task?
• What datasets will train the AI to accurately detect threats?

Choosing Attack Types for Classification

I needed the AI to detect various cyberattacks that require different encryption strategies. After reviewing research papers and security reports, I decided to focus on:

• Ransomware – Encrypts files and demands ransom.
• Man-in-the-Middle (MitM) Attacks – Intercepts communication between parties.
• Phishing-Based Credential Theft – Tricks users into revealing login credentials.
• Denial-of-Service (DoS) Attacks – Overwhelms a system with traffic.
• SQL Injection – Injects malicious SQL queries to manipulate databases.

Each of these attacks exploits vulnerabilities differently, meaning the encryption response needs to be tailored accordingly.

Selecting the Machine Learning Model

For threat classification, I considered three different AI models:

1. Decision Trees – Simple, interpretable, but might struggle with complex attack patterns.
2. Random Forests – More robust, as it uses multiple decision trees to improve accuracy.
3. Neural Networks – Can detect subtle attack variations but require significant training data.

After weighing pros and cons, I decided to start with Random Forests for initial classification, then later test a Neural Network for deeper pattern recognition.

Sourcing Datasets for AI Training

To train the model, I needed real-world cyberattack data. I compiled datasets from:

• MITRE ATT&CK Framework – Contains adversary tactics and techniques.
• Kaggle Cybersecurity Datasets – Includes labeled attack data for training.
• CICIDS 2017 (Canadian Institute for Cybersecurity Intrusion Dataset) – A widely used dataset for machine learning in cybersecurity.

By preprocessing this data (cleaning, labeling, and normalizing), I’ll ensure the AI learns attack patterns effectively before training begins in Week 3.

2. The Encryption Recommendation Engine – Mapping Attacks to Defenses

Once an attack is detected, the AI must select the best encryption strategy to protect data. But encryption isn’t one-size-fits-all; different threats require different encryption methods.

Designing an Encryption Matching System

To match encryption methods to specific attacks, I created the following logic-based decision framework:

• Ransomware → AES (Advanced Encryption Standard)
  AES encrypts data securely at rest, preventing ransomware from accessing unencrypted files.
• MitM Attacks → TLS (Transport Layer Security) & ECC (Elliptic Curve Cryptography)
  TLS encrypts communication channels, and ECC ensures secure key exchanges.
• Phishing-Based Credential Theft → SHA-3 Hashing + Asymmetric Encryption
  Hashing secures stored passwords, and asymmetric encryption ensures secure authentication.
• DoS Attacks → Rate-Limiting & Traffic Encryption
  While not an encryption issue per se, applying rate-limiting and encrypting data packets prevents traffic manipulation.
• SQL Injection → Database Encryption (Homomorphic or Transparent Data Encryption)
  Encrypting database queries ensures attackers can’t extract meaningful data, even if they gain access.

This matching system will guide the AI’s encryption recommendations, ensuring that each threat is met with the most appropriate cryptographic defense.

3. Integration & Real-Time Adaptation – Connecting the Pieces

With attack classification and encryption selection mapped out, I had to plan how these two components communicate in real-time.

Developing a Processing Pipeline

To make the system adaptive, I designed a real-time data processing pipeline that functions in these steps:

1. Threat Identification – The Threat Analysis Module detects an attack.
2. Encryption Matching – The Encryption Recommendation Engine selects the best method.
3. Implementation Suggestion – The system outputs recommended encryption for that attack type.

Performance Considerations

• Latency: Since encryption recommendations must be fast, I’ll optimize processing to ensure minimal delay.
• Scalability: The system should be expandable to recognize more attack types in future iterations.
• Modularity: Keeping components separate allows for easier debugging and improvements.